[Cryptography] Possible reason why password usage rules are such a mess

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Mar 5 19:43:20 EST 2020


Radia Perlman <radiaperlman at gmail.com> writes:

>I've never heard a good technical explanation for requiring periodic password
>changes, but wouldn't all the arguments about why it's silly to require
>frequent password changes apply to requiring certificate renewals?

The argument isn't technical, it's financial, 12 months is the CA billing
period.

However, the same arguments against unnecessary password changes also hold for
unnecessary certificate changes.  Vast numbers of users just re-certify the
same key year in, year out [References available on request, couldn't be
bothered digging them up at the moment], so it provides no extra protection
for the key, but what it does provide is a large amount of extra exposure.

The riskiest time in the life cycle of a certificate is when it's (re-)issued
and installed.  When it's in use it's (presumably) safely locked up, but
during the rollover period it's at its most vulnerable, exposed to attack.
Compounding the problem, every certificate publicly announces when it'll be in
its most-vulnerable phase, allowing attackers to target it during that time
interval.  What's more, CAs expect panicked certificate changes close to the
expiry period and allow more lax methods of authorising the changeover (in one
pen-test an urgent phonecall about "our servers are down because the cert has
expired, we need a new one quickly!" was all that was required to get a
certificate issued to a random third party), so the checking during the window
of maximum vulnerability is often far less than the often minimal enough
checking during normal operation.

Another thing with unnecessary changes is that probably the most suspicious
thing to happen to a certificate is for it to suddenly change, particularly
in the presence of certificate pinning.  On the other hand if your certificate
pinning mechanism takes expiry into account then it completely defeats the
pinning because the attacker just has to look at the expiry date, perform
their attack then, and the pinning mechanism will happily accept it as the new
certificate.

So forced certificate changes are just as useful as forced password changes,
meaning they have a net negative impact on security.

And then you've got Apple, who's adding fuel to the existing dumpster fire by
forcing all certs to change every 12 months.

Peter.
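
The pinning point in the post above, as an added example that is not part of the original message: it compares a pin check that relaxes near the pinned certificate's expiry with one that pins the public key and ignores dates. The `Cert` model, the 30-day window, the function names and the sample values are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    # Simplified model (assumption): only the fields a pin check looks at.
    subject: str
    spki: bytes            # stand-in for DER SubjectPublicKeyInfo
    not_after: datetime

def cert_pin(c: Cert) -> str:
    # Whole-certificate fingerprint: changes on every reissue, even with the same key.
    blob = c.subject.encode() + c.spki + c.not_after.isoformat().encode()
    return hashlib.sha256(blob).hexdigest()

def spki_pin(c: Cert) -> str:
    # Public-key fingerprint: unchanged when the same key is re-certified.
    return hashlib.sha256(c.spki).hexdigest()

RENEWAL_WINDOW = timedelta(days=30)  # hypothetical grace period

def expiry_aware_accept(pinned: Cert, presented: Cert, now: datetime) -> bool:
    # Weak policy: near the pinned cert's expiry, any changed cert is taken as the renewal.
    if cert_pin(presented) == cert_pin(pinned):
        return True
    return pinned.not_after - now <= RENEWAL_WINDOW

def key_pin_accept(pinned: Cert, presented: Cert, now: datetime) -> bool:
    # Key pin: the date plays no part; only the public key is compared.
    return spki_pin(presented) == spki_pin(pinned)

# Constructed sample data, not real certificates.
PINNED = Cert("www.example.com", b"key-A", datetime(2020, 4, 1))
RENEWED = Cert("www.example.com", b"key-A", datetime(2021, 4, 1))   # same key re-certified
FOREIGN = Cert("www.example.com", b"key-B", datetime(2021, 4, 1))   # different key

def evaluate(now: datetime) -> dict:
    # Run both policies against both presented certificates at a given time.
    return {
        (policy.__name__, name): policy(PINNED, cert, now)
        for policy in (expiry_aware_accept, key_pin_accept)
        for name, cert in (("renewed", RENEWED), ("foreign", FOREIGN))
    }

if __name__ == "__main__":
    for when in (datetime(2020, 1, 1), datetime(2020, 3, 20)):
        for key, ok in evaluate(when).items():
            print(when.date(), *key, "accept" if ok else "reject")
```

Inside the window the expiry-aware policy accepts the certificate with the unrelated key, while the key pin accepts only the same-key re-certification at any date.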

